PASHA_BANK_ANNUAL REPORT 2022

103 PASHA Bank 2022 Annual Report General Information Financial Information and Risk Management Review Information on Management and Corporate Governance Principles PASHA Bank’s internal audit, internal control, risk management and compliance departments assume the responsibility to report to the Board of Directors in compliance with the “Regulation on Internal Systems and Internal Capital Adequacy Assessment Process of Banks “as well as the provisions of the “Regulation on Program of Compliance with Obligations of Anti‑Money Laundering of Proceeds of Crime and Combatting the Financing of Terrorism, and conduct their activities in line with these regulations. The internal systems organization of the Bank consisting of Internal Audit, Internal Control, Compliance, and Risk Management Departments that operate in line with the BRSA and The Financial Crimes Investigation Board (MASAK) directives reports to the Board of Directors through the Audit Committee and the Risk Management Committee. Internal Audit Department The internal audit plan is prepared annually as of the end of preceding year, taking into consideration the regulatory amendments and the Bank’s activities’ development and evolution. Also in 2022, the internal audit plan was developed in accordance with the risk assessment report and the results of the risk matrix and was approved by the Board of Directors after Audit Committee’s endorsement. Audit activities in 2022 were realized for the operational areas specified in the audit plan which covers the effectiveness of the Bank’s internal control environment and risk management systems. Throughout the year, the primary activities of such internal systems departments were monitored and reported in accordance with this plan. Decisions taken during the Audit Committee meetings were forwarded to the relevant departments of the Bank by the Bank’s Internal Audit Department. Risk analysis studies for support service institutions were created in line with the views of the internal systems departments, and the periodic evaluation reports and audit reports issued on the relevant organizations were submitted to the Board of Directors. The Internal Audit Department, together with the Internal Control Department, has carried out during the year the audits underlying the Bank’s “Management Statement” within the scope of the Circular No. BSD 2010/3 dated 30 July 2010 of the Banking Regulation and Supervision Agency, and submitted its report first to the Audit Committee and then to the Board of Directors. In addition to the banking processes and information systems controls, the audit of the support service institutions was also carried out by the Internal Audit Department within the scope of the Management Declaration study. Audit results were reviewed by the Audit Committee and the results were presented to the Board of Directors. The Internal Audit Department operates as a whole in the form of an inherent supervision and audit function with respect to the banking and information systems processes and risk management, internal control and compliance practices, and examines and audits units periodically on the basis of risk. It also assumes an objective and independent consulting function in terms of the management of all applications and processes of the bank in parallel with best practices. It provides Board of Directors with assurance that the Bank’s operations are conducted in accordance with laws and other relevant legislation, as well as on such matters as the effectiveness and adequacy of the internal control environment and risk management systems. It offers opinions and recommendations for the effective and efficient utilization of bank resources. Internal Audit Unit conducted audits according to the prescribed audit plan for 2022 and submitted 12 audit reports to the Board of Directors through the Audit Committee. Members of the Internal Audit Unit continued their training activities in 2022. In this context, the Internal Audit Director received 27 hours of trainings and team members participated the trainings related with their areas. Internal Control Department Internal Control Unit is responsible for securing and coordinating a healthy, competent and efficient internal control environment, taking into consideration the evolving and changing nature of the Bank. Internal Control Unit assists the Bank in carrying out its activities efficiently and effectively in line with the management strategy and policies as well as within the framework of current regulation and rules. Furthermore, it is supervised that all control activities within the Bank are carried out duly. Within the scope of the internal control model designed in accordance with three lines of defense principles, Assessments of the Audit Committee on the Activities of Internal Systems